[Samba] classicupgrade migration issues
Sonic
sonicsmith at gmail.com
Sat Mar 19 17:16:29 UTC 2016
On Fri, Mar 18, 2016 at 4:04 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> The upgrade code assumes you run on the same host. I realise now that
> folks doing an upgrade use that an an opportunity to upgrade hardware,
> and keep old systems as fallbacks, so the assumptions cause trouble.
>
> Make the new host identical in terms of the data needed to upgrade
> (users/groups/samba databases) upgrade and then remove the posix
> users/groups and use nss_winbind instead.
Some progress has been made.
After adding the groups and users to the new host I still received the
errors "Exporting groups" until I matched the GID's. So that's a
necessity.
The problem I'm getting seems to revolve around the "Print Operators"
account and causes the migration to crash:
============================
Importing idmap database
Cannot open idmap database, Ignoring: [Errno 2] No such file or directory
Adding groups
Importing groups
Could not add group name=Print Operators ((68, "samldb: Account name
(sAMAccountName) 'Print Operators' already in use!"))
Could not modify AD idmap entry for
sid=S-1-5-21-1832519723-2688400599-3493754984-550, id=449,
type=ID_TYPE_GID ((32, "Base-DN
'<SID=S-1-5-21-1832519723-2688400599-3493754984-550>' not found"))
Could not add posix attrs for AD entry for
sid=S-1-5-21-1832519723-2688400599-3493754984-550, ((32, "Base-DN
'<SID=S-1-5-21-1832519723-2688400599-3493754984-550>' not found"))
Group already exists
sid=S-1-5-21-1832519723-2688400599-3493754984-512, groupname=Domain
Admins existing_groupname=Domain Admins, Ignoring.
Group already exists
sid=S-1-5-21-1832519723-2688400599-3493754984-514, groupname=Domain
Guests existing_groupname=Domain Guests, Ignoring.
Group already exists
sid=S-1-5-21-1832519723-2688400599-3493754984-513, groupname=Domain
Users existing_groupname=Domain Users, Ignoring.
Group already exists
sid=S-1-5-21-1832519723-2688400599-3493754984-515, groupname=Domain
Computers existing_groupname=Domain Computers, Ignoring.
Committing 'add groups' transaction to disk
Adding users
Importing users
User root has been kept in the directory, it should be removed in
favour of the Administrator user
Committing 'add users' transaction to disk
Adding users to groups
ERROR(<class 'samba.provision.ProvisioningError'>): uncaught exception
- ProvisioningError: Could not add member
'S-1-5-21-1832519723-2688400599-3493754984-1000' to group
'S-1-5-21-1832519723-2688400599-3493754984-550' as either group or
user record doesn't exist: Base-DN
'<SID=S-1-5-21-1832519723-2688400599-3493754984-550>' not found
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 176, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line 1565, in run
useeadb=eadb, dns_backend=dns_backend, use_ntvfs=use_ntvfs)
File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py",
line 824, in upgrade_from_samba3
add_users_to_group(result.samdb, g, groupmembers[str(g.sid)], logger)
File "/usr/local/samba/lib/python2.7/site-packages/samba/upgrade.py",
line 317, in add_users_to_group
raise ProvisioningError("Could not add member '%s' to group '%s'
as either group or user record doesn't exist: %s" % (member_sid,
group.sid, emsg))
============================
I don't think the missing idmap (simply don't have one) database is an issue.
But the 3 lines after "Importing groups" having to do with the "Print
Operators" group are possible issues.
And then the ERROR (uncaught exception) after an attempt to add a user
to said "Print Operators" group.
As "Print Operators" in listed as a BUILTIN in the AD scheme this may
have something to do with the problem.
Any ideas?
Thanks,
Chris
More information about the samba
mailing list